Add register ratelimit
parent
f5671775ef
commit
3227933f28
@ -1,2 +1,3 @@
|
||||
assets
|
||||
dist
|
||||
dist
|
||||
node_modules
|
@ -13,6 +13,8 @@
|
||||
"EMAIL_ALREADY_REGISTERED": "Email is already registered",
|
||||
"DATE_OF_BIRTH_UNDERAGE": "You need to be {{years}} years or older",
|
||||
"CONSENT_REQUIRED": "You must agree to the Terms of Service and Privacy Policy.",
|
||||
"USERNAME_TOO_MANY_USERS": "Too many users have this username, please try another"
|
||||
"USERNAME_TOO_MANY_USERS": "Too many users have this username, please try another",
|
||||
"GUESTS_DISABLED": "Guest users are disabled",
|
||||
"TOO_MANY_REGISTRATIONS": "Too many registrations, please try again later"
|
||||
}
|
||||
}
|
||||
|
@ -17,6 +17,7 @@ import {
|
||||
} from "@fosscord/api";
|
||||
import bcrypt from "bcrypt";
|
||||
import { HTTPError } from "lambert-server";
|
||||
import { MoreThan } from "typeorm";
|
||||
|
||||
const router: Router = Router();
|
||||
|
||||
@ -25,7 +26,7 @@ router.post(
|
||||
route({ body: "RegisterSchema" }),
|
||||
async (req: Request, res: Response) => {
|
||||
const body = req.body as RegisterSchema;
|
||||
const { register, security } = Config.get();
|
||||
const { register, security, limits } = Config.get();
|
||||
const ip = getIpAdress(req);
|
||||
|
||||
// email will be slightly modified version of the user supplied email -> e.g. protection against GMail Trick
|
||||
@ -198,6 +199,19 @@ router.post(
|
||||
});
|
||||
}
|
||||
|
||||
if (
|
||||
limits.absoluteRate.register.enabled &&
|
||||
(await User.count({ where: { created_at: MoreThan(new Date(Date.now() - limits.absoluteRate.register.window)) } }))
|
||||
>= limits.absoluteRate.register.limit
|
||||
) {
|
||||
console.log(
|
||||
`Global register ratelimit exceeded for ${getIpAdress(req)}, ${req.body.username}, ${req.body.invite || "No invite given"}`
|
||||
);
|
||||
throw FieldErrors({
|
||||
email: { code: "TOO_MANY_REGISTRATIONS", message: req.t("auth:register.TOO_MANY_REGISTRATIONS") }
|
||||
});
|
||||
}
|
||||
|
||||
const user = await User.register({ ...body, req });
|
||||
|
||||
if (body.invite) {
|
||||
|
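Review bot: The new rate-limit branch logs `req.body.username` and `req.body.invite` verbatim, so line breaks or control characters in either field reach the server log as if they were separate entries. Interpolating `JSON.stringify(req.body.username)` and `JSON.stringify(req.body.invite || "No invite given")` instead, and reusing the `ip` already computed at the top of the handler rather than calling `getIpAdress(req)` again, keeps each event on one line. The `User.count` check and the later `User.register` call are separate steps, so concurrent requests can all pass the check and exceed `limit`. Because the count covers every user created in the window, registration is refused for all clients once it trips; a comment above the `if` should say so and state that per-client limits are expected to run first (not visible in these hunks). The error is also reported under the `email` field although the email is not the cause, and the handler body starts and continues outside the hunks shown.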
@ -1,4 +1,4 @@
|
||||
import { ChannelLimits, GuildLimits, MessageLimits, RateLimits, UserLimits } from ".";
|
||||
import { ChannelLimits, GlobalRateLimits, GuildLimits, MessageLimits, RateLimits, UserLimits } from ".";
|
||||
|
||||
export class LimitsConfiguration {
|
||||
user: UserLimits = new UserLimits();
|
||||
@ -6,4 +6,5 @@ export class LimitsConfiguration {
|
||||
message: MessageLimits = new MessageLimits();
|
||||
channel: ChannelLimits = new ChannelLimits();
|
||||
rate: RateLimits = new RateLimits();
|
||||
}
|
||||
absoluteRate: GlobalRateLimits = new GlobalRateLimits();
|
||||
}
|
||||
|
@ -0,0 +1,10 @@
|
||||
export class GlobalRateLimits {
|
||||
register: GlobalRateLimit = { limit: 25, window: 60 * 60 * 1000, enabled: true };
|
||||
sendMessage: GlobalRateLimit = { limit: 50, window: 60 * 1000, enabled: true };
|
||||
}
|
||||
|
||||
export class GlobalRateLimit {
|
||||
limit: number = 100;
|
||||
window: number = 60 * 60 * 1000;
|
||||
enabled: boolean = true;
|
||||
}
|
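Review bot: Neither class documents the unit of `window` or what `limit` is counted over. The register route subtracts `window` from `Date.now()`, so it is in milliseconds, and the count there is over all users created in the window rather than per client. I would add a comment on `GlobalRateLimit` such as `// limit: max events across the whole instance per window; window: length in milliseconds`, and note on `register` that the default of 25 per hour is enabled out of the box and blocks every new sign-up once reached. `sendMessage` is declared here but nothing in the visible hunks reads it, so a `// not enforced yet` comment would keep operators from relying on it.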
@ -1,4 +1,5 @@
|
||||
export * from "./ChannelLimits";
|
||||
export * from "./GlobalRateLimits";
|
||||
export * from "./GuildLimits";
|
||||
export * from "./MessageLimits";
|
||||
export * from "./RateLimits";
|
||||
|